Hacker Forums Hacked

Three of the longest running and most notorious Russian-language forums serving thousands of experienced cyber criminals have been hacked. Intelligence experts say they detected a breach of the 'elite' Maza cyber crime forum, previously known as 'Mazafaka', on 3rd March 2021. 
 
Maza is a highly-restricted Russian-language cyber crime form that has been in operation for many years, providing a communal service for some of the most sophisticated cyber criminals and financial fraudsters. 

The hack exposed information of thousands of forum members, including their user ID, username, email, password (hashed and obfuscated), certificate file names, certificate passwords and members contact information on Yahoo, MSN, Skype, and the audio to text conversion platform ICQ. 

The data breach at Maza comes after another major Russian-language forum 'Verified' suffered a compromise in February 2021. Tens of thousands of private messages between Verified users, including deposit and withdrawal information about Bitcoin, were reportedly stolen in this breach.Another Russian hacker forum, 'Exploit', is also reportedl to have been hacked, with one forum member warning other users to be careful with registered emails across multiple forums. 

The hack has left forum members worried that their data may be used by law enforcement agencies to discover their real identities.

In the case of Maza, somebody dumped a 35 page PDF file on the Dark Web containing usernames, redacted passwords and other details the personal information of forum members.Researcehrs from the leading threat intelligence form  Flashpoint say the leaked Maza database is legitimate and that Maza forum visitors were being redirected to a breach announcement page.

According to the Krebs on Security website, only intelligence services or people who know where the servers have the required skill and capabilities to disrupt criminal forums to that extent and it would appear that someone is purposefully undermining these forums.

In February, Dutch police reportedly posted "friendly" messages on two hacking forums, saying that "hosting criminal infrastructure in the Netherlands is a lost cause". The police messages were posted after 'Operation Ladybird', in which law enforcement agencies across several countries join hands to disable Emotet, one of the  most dangerous malware botnets, which has been deployed in a number of major criminal attacks on banks and other organisations. 

As part of that investigation, the Dutch National Police discovered a database containing email IDs, usernames and passwords stolen by Emotet.

Maza was hacked once before in  ten years ago when the data of more than 2,000 cyber criminal users, along with all of their forum correspondence was exposed

Brian Krebs:     Flashpoint:       Computing:      BankInfoSecurity:       ZDNet

You Might Also Read:

DarkMarket Taken Down:

 

« On International Women’s Day Only 10% Of Top Executives Were Female
European Banking Authority Attacked »

Perimeter 81

Directory of Suppliers

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

WEBINAR: How To Build A Security Observability Strategy In AWS

WEBINAR: How To Build A Security Observability Strategy In AWS

Thursday, Apr 22, 2021 - Join this webinar to learn how to build a security observability strategy in AWS, covering cloud-native monitoring sources, guardrails, and automation capabilities.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Pluralsight

Pluralsight

Pluralsight provides online video training courses for software developers, IT administrators, and creative professionals.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

Indegy

Indegy

Indegy provide security solutions for industrial control system (ICS) networks.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Sasa Software

Sasa Software

Sasa Software is a leading cyber security provider of extensive content sanitization and deep malware removal solutions.

Trustelem

Trustelem

Trustelem offers European and global companies a ready-to-use access management service that respects the principles of sovereignty, territoriality and privacy.

TechStak

TechStak

TechStak is the easiest way for businesses to find and connect with IT Pros and other technology solution providers in their area.

Asia Cybersecurity Exchange (ASIACYBERX)

Asia Cybersecurity Exchange (ASIACYBERX)

ASIACYBERX is a Start-Up Accelerator Program, Cybersecurity Talent Development, Training & Mentorship, Event Coordination, Job Marketplace and Co-working Office for Cybersecurity Start-ups.

Authenteq

Authenteq

Authenteq provides an Omni-Channel identity verification and KYC solution that allows your customers to verify their identity through any channel without compromising their privacy.

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.